skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Controller Switching-Enabled Active Detection of Multiplicative Cyberattacks on Process Control Systems
This work focuses on the problem of enhancing cyberattack detection capabilities in process control systems subject to multiplicative cyberattacks. First, the relationship between closed-loop stability and attack detectability with respect to a class of residual-based detection schemes is rigorously analyzed. The results are used to identify a set of controller parameters (called "attack-sensitive" controller parameters) under which an attack can destabilize the closed-loop system. The selection of attack-sensitive controller parameters can enhance the ability to detect attacks, but can also degrade the performance of the attack-free closed-loop system. To balance this trade-off, a novel active attack detection methodology employing controller parameter switching between the nominal controller parameters (chosen on the basis of standard control design criteria) and the attack-sensitive controller parameters, is developed. The proposed methodology is applied to a chemical process example to demonstrate its ability to detect multiplicative sensor-controller communication link attacks.  more » « less
Award ID(s):
2137281
PAR ID:
10416875
Author(s) / Creator(s):
; ;
Date Published:
Journal Name:
American Control Conference
Page Range / eLocation ID:
2473 to 2478
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; (, 14th International Symposium on Process Systems Engineering)
    In this work, multiplicative cyberattacks targeting the sensor-controller communication link of a process control system are considered. The interdependence of detectability of an attack with respect to a general class of residual-based detection schemes and the control parameters is characterized. Exploiting this dependence, a controller screening methodology that may be used to incorporate cyberattack detectability into the standard controller design criteria is presented. Using a chemical process example, the application of the controller design screening to a nonlinear process is demonstrated. 
    more » « less
  2. (, 2020 American Control Conference (ACC))
    The work provides a general model of communication attacks on a networked infinite dimensional system. The system employs a network of inexpensive control units consisting of actuators, sensors and control processors. In an effort to replace a reduced number of expensive high-end actuating and sensing devices implementing an observer-based feedback, the alternate is to use multiple inexpensive actuators/sensors with static output feedback. In order to emulate the performance of the high-end devices, the controllers for the multiple actuator/sensors implement controllers which render the system networked. In doing so, they become prone to communication attacks either as accidental or deliberate actions on the connectivity of the control nodes. A single attack function is proposed which models all types of communication attacks and an adaptive detection scheme is proposed in order to (i) detect the presence of an attack, (ii) diagnose the attack and (iii) accommodate the attack via an appropriate control reconfiguration. The reconfiguration employs the adaptive estimates of the controller gains and restructure the controller adaptively in order to minimize the detrimental effects of the attack on closed-loop performance. Numerical studies on a 1D diffusion PDE employing networked actuator/sensor pairs are included in order to further convey the special architecture of detection and accommodation of networked systems under communication attacks. 
    more » « less
  3. ; ; ; (, IEEE)
    In this paper, we have proposed a resilient reinforcement learning method for discrete-time linear systems with unknown parameters, under denial-of-service (DoS) attacks. The proposed method is based on policy iteration that learns the optimal controller from input-state data amidst DoS attacks. We achieve an upper bound for the DoS duration to ensure closed-loop stability. The resilience of the closed-loop system, when subjected to DoS attacks with the learned controller and an internal model, has been thoroughly examined. The effectiveness of the proposed methodology is demonstrated on an inverted pendulum on a cart. 
    more » « less
  4. ; (, Intelligent Computing. SAI 2023. Lecture Notes in Networks and Systems)
    There are a variety of ways, such as reflashing of targeted electronic control units (ECUs) to hijacking the control of a fleet of wheeled mobile robots, through which adversaries can execute attacks on the actuators of mobile robots and autonomous vehicles. Independent of the source of cyber-physical infiltration, assessing the physical capabilities of an adversary who has made it to the last stage and is directly controlling the cyber-physical system actuators is of crucial importance. This paper investigates the potentials of an adversary who can directly manipulate the traction dynamics of wheeled mobile robots and autonomous vehicles but has a very limited knowledge of the physical parameters of the traction dynamics. It is shown that the adversary can exploit a new class of closed-loop attack policies that can be executed against the traction dynamics leading to wheel lock conditions. In comparison with a previously proposed wheel lock closed-loop attack policy, the attack policy in this paper relies on less computations and knowledge of the traction dynamics. Furthermore, the proposed attack policy generates smooth actuator input signals and is thus harder to detect. Simulation results using various tire-ground interaction conditions demonstrate the effectiveness of the proposed wheel lock attack policy. 
    more » « less
  5. ; ; (, Processes)
    A fundamental problem at the intersection of process control and operations is the design of detection schemes monitoring a process for cyberattacks using operational data. Multiplicative false data injection (FDI) attacks modify operational data with a multiplicative factor and could be designed to be detection evading without in-depth process knowledge. In a prior work, we presented a control mode switching strategy that enhances the detection of multiplicative FDI attacks in processes operating at steady state (when process states evolve within a small neighborhood of the steady state). Control mode switching on the attack-free process at steady-state may induce transients and generate false alarms in the detection scheme. To minimize false alarms, we subsequently developed a control mode switch-scheduling condition for processes with an invertible output matrix. In the current work, we utilize a reachable set-based detection scheme and use randomized control mode switches to augment attack detection capabilities. The detection scheme eliminates potential false alarms occurring from control mode switching, even for processes with a non-invertible output matrix, while the randomized switching helps bolster the confidentiality of the switching schedule, preventing the design of a detection-evading “smart” attack. We present two simulation examples to illustrate attack detection without false alarms, and the merits of randomized switching (compared with scheduled switching) for the detection of a smart attack. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email